Red Hat Enterprise Linux 7 update for kernel-rt



Published: 2021-03-18 | Updated: 2021-08-15
Risk: Medium
Patch available: YES
Number of vulnerabilities: 11
CVE ID: CVE-2019-19532, CVE-2020-0427, CVE-2020-7053, CVE-2020-14351, CVE-2020-25211, CVE-2020-25645, CVE-2020-25656, CVE-2020-25705, CVE-2020-28374, CVE-2020-29661, CVE-2021-20265
CWE ID: CWE-787, CWE-125, CWE-416, CWE-119, CWE-319, CWE-330, CWE-22, CWE-667, CWE-400
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #8 is available.

Vulnerable software:

kernel-rt (Red Hat package)
Operating systems & Components / Operating system package or component

Red Hat Enterprise Linux for Real Time
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Real Time for NFV
Operating systems & Components / Operating system

Vendor: Red Hat Inc.

Security Advisory

1) Out-of-bounds write

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-19532

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a local user to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c. A local user with physical access can use a malicious USB device to trigger an out-of-bounds write in the Linux kernel HID drivers and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1, 3.10.0-229.4.2.rt56.141.6.el7_1, 3.10.0-229.11.1.rt56.141.11.el7_1, 3.10.0-229.14.1.rt56.141.13.el7_1, 3.10.0-229.20.1.rt56.141.14.el7_1, 3.10.0-327.4.5.rt56.206.el7_2, 3.10.0-327.10.1.rt56.211.el7_2, 3.10.0-327.18.2.rt56.223.el7_2, 3.10.0-327.22.2.rt56.230.el7_2, 3.10.0-327.28.2.rt56.234.el7_2, 3.10.0-327.28.3.rt56.235.el7, 3.10.0-327.36.1.rt56.237.el7, 3.10.0-327.36.3.rt56.238.el7, 3.10.0-327.rt56.204.el7, 3.10.0-514.6.1.rt56.429.el7, 3.10.0-514.6.1.rt56.430.el7, 3.10.0-514.10.2.rt56.435.el7, 3.10.0-514.16.1.rt56.437.el7, 3.10.0-514.21.1.rt56.438.el7, 3.10.0-514.26.1.rt56.442.el7, 3.10.0-514.rt56.420.el7, 3.10.0-693.2.1.rt56.620.el7, 3.10.0-693.2.2.rt56.623.el7, 3.10.0-693.5.2.rt56.626.el7, 3.10.0-693.11.1.rt56.632.el7, 3.10.0-693.17.1.rt56.636.el7, 3.10.0-693.21.1.rt56.639.el7, 3.10.0-693.rt56.617.el7, 3.10.0-862.2.3.rt56.806.el7, 3.10.0-862.3.2.rt56.808.el7, 3.10.0-862.3.3.rt56.809.el7, 3.10.0-862.6.3.rt56.811.el7, 3.10.0-862.11.6.rt56.819.el7, 3.10.0-862.14.4.rt56.821.el7, 3.10.0-862.rt56.804.el7, 3.10.0-957.1.3.rt56.913.el7, 3.10.0-957.5.1.rt56.916.el7, 3.10.0-957.10.1.rt56.921.el7, 3.10.0-957.12.1.rt56.927.el7, 3.10.0-957.12.2.rt56.929.el7, 3.10.0-957.21.3.rt56.935.el7, 3.10.0-957.27.2.rt56.940.el7, 3.10.0-957.rt56.910.el7, 3.10.0-1062.1.1.rt56.1024.el7, 3.10.0-1062.1.2.rt56.1025.el7, 3.10.0-1062.4.1.rt56.1027.el7, 3.10.0-1062.4.2.rt56.1028.el7, 3.10.0-1062.4.3.rt56.1029.el7, 3.10.0-1062.7.1.rt56.1030.el7, 3.10.0-1062.12.1.rt56.1042.el7, 3.10.0-1062.18.1.rt56.1044.el7, 3.10.0-1062.rt56.1022.el7, 3.10.0-1127.18.2.rt56.1116.el7, 3.10.0-1127.19.1.rt56.1116.el7, 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7

External links

https://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

Risk: Medium

CVSSv3.1: 5.1 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2020-0427

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a use after free when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1, 3.10.0-229.4.2.rt56.141.6.el7_1, 3.10.0-229.11.1.rt56.141.11.el7_1, 3.10.0-229.14.1.rt56.141.13.el7_1, 3.10.0-229.20.1.rt56.141.14.el7_1, 3.10.0-327.4.5.rt56.206.el7_2, 3.10.0-327.10.1.rt56.211.el7_2, 3.10.0-327.18.2.rt56.223.el7_2, 3.10.0-327.22.2.rt56.230.el7_2, 3.10.0-327.28.2.rt56.234.el7_2, 3.10.0-327.28.3.rt56.235.el7, 3.10.0-327.36.1.rt56.237.el7, 3.10.0-327.36.3.rt56.238.el7, 3.10.0-327.rt56.204.el7, 3.10.0-514.6.1.rt56.429.el7, 3.10.0-514.6.1.rt56.430.el7, 3.10.0-514.10.2.rt56.435.el7, 3.10.0-514.16.1.rt56.437.el7, 3.10.0-514.21.1.rt56.438.el7, 3.10.0-514.26.1.rt56.442.el7, 3.10.0-514.rt56.420.el7, 3.10.0-693.2.1.rt56.620.el7, 3.10.0-693.2.2.rt56.623.el7, 3.10.0-693.5.2.rt56.626.el7, 3.10.0-693.11.1.rt56.632.el7, 3.10.0-693.17.1.rt56.636.el7, 3.10.0-693.21.1.rt56.639.el7, 3.10.0-693.rt56.617.el7, 3.10.0-862.2.3.rt56.806.el7, 3.10.0-862.3.2.rt56.808.el7, 3.10.0-862.3.3.rt56.809.el7, 3.10.0-862.6.3.rt56.811.el7, 3.10.0-862.11.6.rt56.819.el7, 3.10.0-862.14.4.rt56.821.el7, 3.10.0-862.rt56.804.el7, 3.10.0-957.1.3.rt56.913.el7, 3.10.0-957.5.1.rt56.916.el7, 3.10.0-957.10.1.rt56.921.el7, 3.10.0-957.12.1.rt56.927.el7, 3.10.0-957.12.2.rt56.929.el7, 3.10.0-957.21.3.rt56.935.el7, 3.10.0-957.27.2.rt56.940.el7, 3.10.0-957.rt56.910.el7, 3.10.0-1062.1.1.rt56.1024.el7, 3.10.0-1062.1.2.rt56.1025.el7, 3.10.0-1062.4.1.rt56.1027.el7, 3.10.0-1062.4.2.rt56.1028.el7, 3.10.0-1062.4.3.rt56.1029.el7, 3.10.0-1062.7.1.rt56.1030.el7, 3.10.0-1062.12.1.rt56.1042.el7, 3.10.0-1062.18.1.rt56.1044.el7, 3.10.0-1062.rt56.1022.el7, 3.10.0-1127.18.2.rt56.1116.el7, 3.10.0-1127.19.1.rt56.1116.el7, 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7

External links

https://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-7053

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the i915_ppgtt_close() function in drivers/gpu/drm/i915/i915_gem_gtt.c, related to the i915_gem_context_destroy_ioctl() call in drivers/gpu/drm/i915/i915_gem_context.c. A local user can run a specially crafted application to execute arbitrary code on the system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1, 3.10.0-229.4.2.rt56.141.6.el7_1, 3.10.0-229.11.1.rt56.141.11.el7_1, 3.10.0-229.14.1.rt56.141.13.el7_1, 3.10.0-229.20.1.rt56.141.14.el7_1, 3.10.0-327.4.5.rt56.206.el7_2, 3.10.0-327.10.1.rt56.211.el7_2, 3.10.0-327.18.2.rt56.223.el7_2, 3.10.0-327.22.2.rt56.230.el7_2, 3.10.0-327.28.2.rt56.234.el7_2, 3.10.0-327.28.3.rt56.235.el7, 3.10.0-327.36.1.rt56.237.el7, 3.10.0-327.36.3.rt56.238.el7, 3.10.0-327.rt56.204.el7, 3.10.0-514.6.1.rt56.429.el7, 3.10.0-514.6.1.rt56.430.el7, 3.10.0-514.10.2.rt56.435.el7, 3.10.0-514.16.1.rt56.437.el7, 3.10.0-514.21.1.rt56.438.el7, 3.10.0-514.26.1.rt56.442.el7, 3.10.0-514.rt56.420.el7, 3.10.0-693.2.1.rt56.620.el7, 3.10.0-693.2.2.rt56.623.el7, 3.10.0-693.5.2.rt56.626.el7, 3.10.0-693.11.1.rt56.632.el7, 3.10.0-693.17.1.rt56.636.el7, 3.10.0-693.21.1.rt56.639.el7, 3.10.0-693.rt56.617.el7, 3.10.0-862.2.3.rt56.806.el7, 3.10.0-862.3.2.rt56.808.el7, 3.10.0-862.3.3.rt56.809.el7, 3.10.0-862.6.3.rt56.811.el7, 3.10.0-862.11.6.rt56.819.el7, 3.10.0-862.14.4.rt56.821.el7, 3.10.0-862.rt56.804.el7, 3.10.0-957.1.3.rt56.913.el7, 3.10.0-957.5.1.rt56.916.el7, 3.10.0-957.10.1.rt56.921.el7, 3.10.0-957.12.1.rt56.927.el7, 3.10.0-957.12.2.rt56.929.el7, 3.10.0-957.21.3.rt56.935.el7, 3.10.0-957.27.2.rt56.940.el7, 3.10.0-957.rt56.910.el7, 3.10.0-1062.1.1.rt56.1024.el7, 3.10.0-1062.1.2.rt56.1025.el7, 3.10.0-1062.4.1.rt56.1027.el7, 3.10.0-1062.4.2.rt56.1028.el7, 3.10.0-1062.4.3.rt56.1029.el7, 3.10.0-1062.7.1.rt56.1030.el7, 3.10.0-1062.12.1.rt56.1042.el7, 3.10.0-1062.18.1.rt56.1044.el7, 3.10.0-1062.rt56.1022.el7, 3.10.0-1127.18.2.rt56.1116.el7, 3.10.0-1127.19.1.rt56.1116.el7, 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7

External links

https://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-14351

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the perf subsystem. A local user with permission to monitor perf events can corrupt memory and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1, 3.10.0-229.4.2.rt56.141.6.el7_1, 3.10.0-229.11.1.rt56.141.11.el7_1, 3.10.0-229.14.1.rt56.141.13.el7_1, 3.10.0-229.20.1.rt56.141.14.el7_1, 3.10.0-327.4.5.rt56.206.el7_2, 3.10.0-327.10.1.rt56.211.el7_2, 3.10.0-327.18.2.rt56.223.el7_2, 3.10.0-327.22.2.rt56.230.el7_2, 3.10.0-327.28.2.rt56.234.el7_2, 3.10.0-327.28.3.rt56.235.el7, 3.10.0-327.36.1.rt56.237.el7, 3.10.0-327.36.3.rt56.238.el7, 3.10.0-327.rt56.204.el7, 3.10.0-514.6.1.rt56.429.el7, 3.10.0-514.6.1.rt56.430.el7, 3.10.0-514.10.2.rt56.435.el7, 3.10.0-514.16.1.rt56.437.el7, 3.10.0-514.21.1.rt56.438.el7, 3.10.0-514.26.1.rt56.442.el7, 3.10.0-514.rt56.420.el7, 3.10.0-693.2.1.rt56.620.el7, 3.10.0-693.2.2.rt56.623.el7, 3.10.0-693.5.2.rt56.626.el7, 3.10.0-693.11.1.rt56.632.el7, 3.10.0-693.17.1.rt56.636.el7, 3.10.0-693.21.1.rt56.639.el7, 3.10.0-693.rt56.617.el7, 3.10.0-862.2.3.rt56.806.el7, 3.10.0-862.3.2.rt56.808.el7, 3.10.0-862.3.3.rt56.809.el7, 3.10.0-862.6.3.rt56.811.el7, 3.10.0-862.11.6.rt56.819.el7, 3.10.0-862.14.4.rt56.821.el7, 3.10.0-862.rt56.804.el7, 3.10.0-957.1.3.rt56.913.el7, 3.10.0-957.5.1.rt56.916.el7, 3.10.0-957.10.1.rt56.921.el7, 3.10.0-957.12.1.rt56.927.el7, 3.10.0-957.12.2.rt56.929.el7, 3.10.0-957.21.3.rt56.935.el7, 3.10.0-957.27.2.rt56.940.el7, 3.10.0-957.rt56.910.el7, 3.10.0-1062.1.1.rt56.1024.el7, 3.10.0-1062.1.2.rt56.1025.el7, 3.10.0-1062.4.1.rt56.1027.el7, 3.10.0-1062.4.2.rt56.1028.el7, 3.10.0-1062.4.3.rt56.1029.el7, 3.10.0-1062.7.1.rt56.1030.el7, 3.10.0-1062.12.1.rt56.1042.el7, 3.10.0-1062.18.1.rt56.1044.el7, 3.10.0-1062.rt56.1022.el7, 3.10.0-1127.18.2.rt56.1116.el7, 3.10.0-1127.19.1.rt56.1116.el7, 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7

External links

https://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-25211

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local user to crash the system.

The vulnerability exists due to a boundary error within the ctnetlink_parse_tuple_filter() function in net/netfilter/nf_conntrack_netlink.c. A local user can inject conntrack netlink configuration, trigger a buffer overflow and crash the kernel or force usage of incorrect protocol numbers.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1, 3.10.0-229.4.2.rt56.141.6.el7_1, 3.10.0-229.11.1.rt56.141.11.el7_1, 3.10.0-229.14.1.rt56.141.13.el7_1, 3.10.0-229.20.1.rt56.141.14.el7_1, 3.10.0-327.4.5.rt56.206.el7_2, 3.10.0-327.10.1.rt56.211.el7_2, 3.10.0-327.18.2.rt56.223.el7_2, 3.10.0-327.22.2.rt56.230.el7_2, 3.10.0-327.28.2.rt56.234.el7_2, 3.10.0-327.28.3.rt56.235.el7, 3.10.0-327.36.1.rt56.237.el7, 3.10.0-327.36.3.rt56.238.el7, 3.10.0-327.rt56.204.el7, 3.10.0-514.6.1.rt56.429.el7, 3.10.0-514.6.1.rt56.430.el7, 3.10.0-514.10.2.rt56.435.el7, 3.10.0-514.16.1.rt56.437.el7, 3.10.0-514.21.1.rt56.438.el7, 3.10.0-514.26.1.rt56.442.el7, 3.10.0-514.rt56.420.el7, 3.10.0-693.2.1.rt56.620.el7, 3.10.0-693.2.2.rt56.623.el7, 3.10.0-693.5.2.rt56.626.el7, 3.10.0-693.11.1.rt56.632.el7, 3.10.0-693.17.1.rt56.636.el7, 3.10.0-693.21.1.rt56.639.el7, 3.10.0-693.rt56.617.el7, 3.10.0-862.2.3.rt56.806.el7, 3.10.0-862.3.2.rt56.808.el7, 3.10.0-862.3.3.rt56.809.el7, 3.10.0-862.6.3.rt56.811.el7, 3.10.0-862.11.6.rt56.819.el7, 3.10.0-862.14.4.rt56.821.el7, 3.10.0-862.rt56.804.el7, 3.10.0-957.1.3.rt56.913.el7, 3.10.0-957.5.1.rt56.916.el7, 3.10.0-957.10.1.rt56.921.el7, 3.10.0-957.12.1.rt56.927.el7, 3.10.0-957.12.2.rt56.929.el7, 3.10.0-957.21.3.rt56.935.el7, 3.10.0-957.27.2.rt56.940.el7, 3.10.0-957.rt56.910.el7, 3.10.0-1062.1.1.rt56.1024.el7, 3.10.0-1062.1.2.rt56.1025.el7, 3.10.0-1062.4.1.rt56.1027.el7, 3.10.0-1062.4.2.rt56.1028.el7, 3.10.0-1062.4.3.rt56.1029.el7, 3.10.0-1062.7.1.rt56.1030.el7, 3.10.0-1062.12.1.rt56.1042.el7, 3.10.0-1062.18.1.rt56.1044.el7, 3.10.0-1062.rt56.1022.el7, 3.10.0-1127.18.2.rt56.1116.el7, 3.10.0-1127.19.1.rt56.1116.el7, 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7

External links

https://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Cleartext transmission of sensitive information

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-25645

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because traffic passed between two Geneve endpoints with IPsec configured can be left unencrypted for the specific UDP port. A remote attacker with the ability to intercept network traffic can gain access to sensitive data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1, 3.10.0-229.4.2.rt56.141.6.el7_1, 3.10.0-229.11.1.rt56.141.11.el7_1, 3.10.0-229.14.1.rt56.141.13.el7_1, 3.10.0-229.20.1.rt56.141.14.el7_1, 3.10.0-327.4.5.rt56.206.el7_2, 3.10.0-327.10.1.rt56.211.el7_2, 3.10.0-327.18.2.rt56.223.el7_2, 3.10.0-327.22.2.rt56.230.el7_2, 3.10.0-327.28.2.rt56.234.el7_2, 3.10.0-327.28.3.rt56.235.el7, 3.10.0-327.36.1.rt56.237.el7, 3.10.0-327.36.3.rt56.238.el7, 3.10.0-327.rt56.204.el7, 3.10.0-514.6.1.rt56.429.el7, 3.10.0-514.6.1.rt56.430.el7, 3.10.0-514.10.2.rt56.435.el7, 3.10.0-514.16.1.rt56.437.el7, 3.10.0-514.21.1.rt56.438.el7, 3.10.0-514.26.1.rt56.442.el7, 3.10.0-514.rt56.420.el7, 3.10.0-693.2.1.rt56.620.el7, 3.10.0-693.2.2.rt56.623.el7, 3.10.0-693.5.2.rt56.626.el7, 3.10.0-693.11.1.rt56.632.el7, 3.10.0-693.17.1.rt56.636.el7, 3.10.0-693.21.1.rt56.639.el7, 3.10.0-693.rt56.617.el7, 3.10.0-862.2.3.rt56.806.el7, 3.10.0-862.3.2.rt56.808.el7, 3.10.0-862.3.3.rt56.809.el7, 3.10.0-862.6.3.rt56.811.el7, 3.10.0-862.11.6.rt56.819.el7, 3.10.0-862.14.4.rt56.821.el7, 3.10.0-862.rt56.804.el7, 3.10.0-957.1.3.rt56.913.el7, 3.10.0-957.5.1.rt56.916.el7, 3.10.0-957.10.1.rt56.921.el7, 3.10.0-957.12.1.rt56.927.el7, 3.10.0-957.12.2.rt56.929.el7, 3.10.0-957.21.3.rt56.935.el7, 3.10.0-957.27.2.rt56.940.el7, 3.10.0-957.rt56.910.el7, 3.10.0-1062.1.1.rt56.1024.el7, 3.10.0-1062.1.2.rt56.1025.el7, 3.10.0-1062.4.1.rt56.1027.el7, 3.10.0-1062.4.2.rt56.1028.el7, 3.10.0-1062.4.3.rt56.1029.el7, 3.10.0-1062.7.1.rt56.1030.el7, 3.10.0-1062.12.1.rt56.1042.el7, 3.10.0-1062.18.1.rt56.1044.el7, 3.10.0-1062.rt56.1022.el7, 3.10.0-1127.18.2.rt56.1116.el7, 3.10.0-1127.19.1.rt56.1116.el7, 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7

External links

https://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-25656

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in the way the console subsystem uses KDGKBSENT and KDSKBSENT IOCTLs. A local user can run a specially crafted program to trigger an out-of-bounds read and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1, 3.10.0-229.4.2.rt56.141.6.el7_1, 3.10.0-229.11.1.rt56.141.11.el7_1, 3.10.0-229.14.1.rt56.141.13.el7_1, 3.10.0-229.20.1.rt56.141.14.el7_1, 3.10.0-327.4.5.rt56.206.el7_2, 3.10.0-327.10.1.rt56.211.el7_2, 3.10.0-327.18.2.rt56.223.el7_2, 3.10.0-327.22.2.rt56.230.el7_2, 3.10.0-327.28.2.rt56.234.el7_2, 3.10.0-327.28.3.rt56.235.el7, 3.10.0-327.36.1.rt56.237.el7, 3.10.0-327.36.3.rt56.238.el7, 3.10.0-327.rt56.204.el7, 3.10.0-514.6.1.rt56.429.el7, 3.10.0-514.6.1.rt56.430.el7, 3.10.0-514.10.2.rt56.435.el7, 3.10.0-514.16.1.rt56.437.el7, 3.10.0-514.21.1.rt56.438.el7, 3.10.0-514.26.1.rt56.442.el7, 3.10.0-514.rt56.420.el7, 3.10.0-693.2.1.rt56.620.el7, 3.10.0-693.2.2.rt56.623.el7, 3.10.0-693.5.2.rt56.626.el7, 3.10.0-693.11.1.rt56.632.el7, 3.10.0-693.17.1.rt56.636.el7, 3.10.0-693.21.1.rt56.639.el7, 3.10.0-693.rt56.617.el7, 3.10.0-862.2.3.rt56.806.el7, 3.10.0-862.3.2.rt56.808.el7, 3.10.0-862.3.3.rt56.809.el7, 3.10.0-862.6.3.rt56.811.el7, 3.10.0-862.11.6.rt56.819.el7, 3.10.0-862.14.4.rt56.821.el7, 3.10.0-862.rt56.804.el7, 3.10.0-957.1.3.rt56.913.el7, 3.10.0-957.5.1.rt56.916.el7, 3.10.0-957.10.1.rt56.921.el7, 3.10.0-957.12.1.rt56.927.el7, 3.10.0-957.12.2.rt56.929.el7, 3.10.0-957.21.3.rt56.935.el7, 3.10.0-957.27.2.rt56.940.el7, 3.10.0-957.rt56.910.el7, 3.10.0-1062.1.1.rt56.1024.el7, 3.10.0-1062.1.2.rt56.1025.el7, 3.10.0-1062.4.1.rt56.1027.el7, 3.10.0-1062.4.2.rt56.1028.el7, 3.10.0-1062.4.3.rt56.1029.el7, 3.10.0-1062.7.1.rt56.1030.el7, 3.10.0-1062.12.1.rt56.1042.el7, 3.10.0-1062.18.1.rt56.1044.el7, 3.10.0-1062.rt56.1022.el7, 3.10.0-1127.18.2.rt56.1116.el7, 3.10.0-1127.19.1.rt56.1116.el7, 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7

External links

https://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use of insufficiently random values

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-25705

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

A flaw was found in the way the Linux kernel limits ICMP reply packets, which makes it possible to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass UDP source port randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1, 3.10.0-229.4.2.rt56.141.6.el7_1, 3.10.0-229.11.1.rt56.141.11.el7_1, 3.10.0-229.14.1.rt56.141.13.el7_1, 3.10.0-229.20.1.rt56.141.14.el7_1, 3.10.0-327.4.5.rt56.206.el7_2, 3.10.0-327.10.1.rt56.211.el7_2, 3.10.0-327.18.2.rt56.223.el7_2, 3.10.0-327.22.2.rt56.230.el7_2, 3.10.0-327.28.2.rt56.234.el7_2, 3.10.0-327.28.3.rt56.235.el7, 3.10.0-327.36.1.rt56.237.el7, 3.10.0-327.36.3.rt56.238.el7, 3.10.0-327.rt56.204.el7, 3.10.0-514.6.1.rt56.429.el7, 3.10.0-514.6.1.rt56.430.el7, 3.10.0-514.10.2.rt56.435.el7, 3.10.0-514.16.1.rt56.437.el7, 3.10.0-514.21.1.rt56.438.el7, 3.10.0-514.26.1.rt56.442.el7, 3.10.0-514.rt56.420.el7, 3.10.0-693.2.1.rt56.620.el7, 3.10.0-693.2.2.rt56.623.el7, 3.10.0-693.5.2.rt56.626.el7, 3.10.0-693.11.1.rt56.632.el7, 3.10.0-693.17.1.rt56.636.el7, 3.10.0-693.21.1.rt56.639.el7, 3.10.0-693.rt56.617.el7, 3.10.0-862.2.3.rt56.806.el7, 3.10.0-862.3.2.rt56.808.el7, 3.10.0-862.3.3.rt56.809.el7, 3.10.0-862.6.3.rt56.811.el7, 3.10.0-862.11.6.rt56.819.el7, 3.10.0-862.14.4.rt56.821.el7, 3.10.0-862.rt56.804.el7, 3.10.0-957.1.3.rt56.913.el7, 3.10.0-957.5.1.rt56.916.el7, 3.10.0-957.10.1.rt56.921.el7, 3.10.0-957.12.1.rt56.927.el7, 3.10.0-957.12.2.rt56.929.el7, 3.10.0-957.21.3.rt56.935.el7, 3.10.0-957.27.2.rt56.940.el7, 3.10.0-957.rt56.910.el7, 3.10.0-1062.1.1.rt56.1024.el7, 3.10.0-1062.1.2.rt56.1025.el7, 3.10.0-1062.4.1.rt56.1027.el7, 3.10.0-1062.4.2.rt56.1028.el7, 3.10.0-1062.4.3.rt56.1029.el7, 3.10.0-1062.7.1.rt56.1030.el7, 3.10.0-1062.12.1.rt56.1042.el7, 3.10.0-1062.18.1.rt56.1044.el7, 3.10.0-1062.rt56.1022.el7, 3.10.0-1127.18.2.rt56.1116.el7, 3.10.0-1127.19.1.rt56.1116.el7, 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7

External links

https://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Path traversal

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-28374

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in drivers/target/target_core_xcopy.c in the Linux kernel. A remote user with access to an iSCSI LUN can send a specially crafted XCOPY request and read or write arbitrary files on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1, 3.10.0-229.4.2.rt56.141.6.el7_1, 3.10.0-229.11.1.rt56.141.11.el7_1, 3.10.0-229.14.1.rt56.141.13.el7_1, 3.10.0-229.20.1.rt56.141.14.el7_1, 3.10.0-327.4.5.rt56.206.el7_2, 3.10.0-327.10.1.rt56.211.el7_2, 3.10.0-327.18.2.rt56.223.el7_2, 3.10.0-327.22.2.rt56.230.el7_2, 3.10.0-327.28.2.rt56.234.el7_2, 3.10.0-327.28.3.rt56.235.el7, 3.10.0-327.36.1.rt56.237.el7, 3.10.0-327.36.3.rt56.238.el7, 3.10.0-327.rt56.204.el7, 3.10.0-514.6.1.rt56.429.el7, 3.10.0-514.6.1.rt56.430.el7, 3.10.0-514.10.2.rt56.435.el7, 3.10.0-514.16.1.rt56.437.el7, 3.10.0-514.21.1.rt56.438.el7, 3.10.0-514.26.1.rt56.442.el7, 3.10.0-514.rt56.420.el7, 3.10.0-693.2.1.rt56.620.el7, 3.10.0-693.2.2.rt56.623.el7, 3.10.0-693.5.2.rt56.626.el7, 3.10.0-693.11.1.rt56.632.el7, 3.10.0-693.17.1.rt56.636.el7, 3.10.0-693.21.1.rt56.639.el7, 3.10.0-693.rt56.617.el7, 3.10.0-862.2.3.rt56.806.el7, 3.10.0-862.3.2.rt56.808.el7, 3.10.0-862.3.3.rt56.809.el7, 3.10.0-862.6.3.rt56.811.el7, 3.10.0-862.11.6.rt56.819.el7, 3.10.0-862.14.4.rt56.821.el7, 3.10.0-862.rt56.804.el7, 3.10.0-957.1.3.rt56.913.el7, 3.10.0-957.5.1.rt56.916.el7, 3.10.0-957.10.1.rt56.921.el7, 3.10.0-957.12.1.rt56.927.el7, 3.10.0-957.12.2.rt56.929.el7, 3.10.0-957.21.3.rt56.935.el7, 3.10.0-957.27.2.rt56.940.el7, 3.10.0-957.rt56.910.el7, 3.10.0-1062.1.1.rt56.1024.el7, 3.10.0-1062.1.2.rt56.1025.el7, 3.10.0-1062.4.1.rt56.1027.el7, 3.10.0-1062.4.2.rt56.1028.el7, 3.10.0-1062.4.3.rt56.1029.el7, 3.10.0-1062.7.1.rt56.1030.el7, 3.10.0-1062.12.1.rt56.1042.el7, 3.10.0-1062.18.1.rt56.1044.el7, 3.10.0-1062.rt56.1022.el7, 3.10.0-1127.18.2.rt56.1116.el7, 3.10.0-1127.19.1.rt56.1116.el7, 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7

External links

https://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper locking

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-29661

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a locking error in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. A local user can exploit this vulnerability to trigger a use-after-free error against TIOCSPGRP and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1, 3.10.0-229.4.2.rt56.141.6.el7_1, 3.10.0-229.11.1.rt56.141.11.el7_1, 3.10.0-229.14.1.rt56.141.13.el7_1, 3.10.0-229.20.1.rt56.141.14.el7_1, 3.10.0-327.4.5.rt56.206.el7_2, 3.10.0-327.10.1.rt56.211.el7_2, 3.10.0-327.18.2.rt56.223.el7_2, 3.10.0-327.22.2.rt56.230.el7_2, 3.10.0-327.28.2.rt56.234.el7_2, 3.10.0-327.28.3.rt56.235.el7, 3.10.0-327.36.1.rt56.237.el7, 3.10.0-327.36.3.rt56.238.el7, 3.10.0-327.rt56.204.el7, 3.10.0-514.6.1.rt56.429.el7, 3.10.0-514.6.1.rt56.430.el7, 3.10.0-514.10.2.rt56.435.el7, 3.10.0-514.16.1.rt56.437.el7, 3.10.0-514.21.1.rt56.438.el7, 3.10.0-514.26.1.rt56.442.el7, 3.10.0-514.rt56.420.el7, 3.10.0-693.2.1.rt56.620.el7, 3.10.0-693.2.2.rt56.623.el7, 3.10.0-693.5.2.rt56.626.el7, 3.10.0-693.11.1.rt56.632.el7, 3.10.0-693.17.1.rt56.636.el7, 3.10.0-693.21.1.rt56.639.el7, 3.10.0-693.rt56.617.el7, 3.10.0-862.2.3.rt56.806.el7, 3.10.0-862.3.2.rt56.808.el7, 3.10.0-862.3.3.rt56.809.el7, 3.10.0-862.6.3.rt56.811.el7, 3.10.0-862.11.6.rt56.819.el7, 3.10.0-862.14.4.rt56.821.el7, 3.10.0-862.rt56.804.el7, 3.10.0-957.1.3.rt56.913.el7, 3.10.0-957.5.1.rt56.916.el7, 3.10.0-957.10.1.rt56.921.el7, 3.10.0-957.12.1.rt56.927.el7, 3.10.0-957.12.2.rt56.929.el7, 3.10.0-957.21.3.rt56.935.el7, 3.10.0-957.27.2.rt56.940.el7, 3.10.0-957.rt56.910.el7, 3.10.0-1062.1.1.rt56.1024.el7, 3.10.0-1062.1.2.rt56.1025.el7, 3.10.0-1062.4.1.rt56.1027.el7, 3.10.0-1062.4.2.rt56.1028.el7, 3.10.0-1062.4.3.rt56.1029.el7, 3.10.0-1062.7.1.rt56.1030.el7, 3.10.0-1062.12.1.rt56.1042.el7, 3.10.0-1062.18.1.rt56.1044.el7, 3.10.0-1062.rt56.1022.el7, 3.10.0-1127.18.2.rt56.1116.el7, 3.10.0-1127.19.1.rt56.1116.el7, 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7

External links

https://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource exhaustion

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2021-20265

CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists because the unix_stream_recvmsg function in the Linux kernel does not properly control consumption of internal resources when a signal is pending. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1, 3.10.0-229.4.2.rt56.141.6.el7_1, 3.10.0-229.11.1.rt56.141.11.el7_1, 3.10.0-229.14.1.rt56.141.13.el7_1, 3.10.0-229.20.1.rt56.141.14.el7_1, 3.10.0-327.4.5.rt56.206.el7_2, 3.10.0-327.10.1.rt56.211.el7_2, 3.10.0-327.18.2.rt56.223.el7_2, 3.10.0-327.22.2.rt56.230.el7_2, 3.10.0-327.28.2.rt56.234.el7_2, 3.10.0-327.28.3.rt56.235.el7, 3.10.0-327.36.1.rt56.237.el7, 3.10.0-327.36.3.rt56.238.el7, 3.10.0-327.rt56.204.el7, 3.10.0-514.6.1.rt56.429.el7, 3.10.0-514.6.1.rt56.430.el7, 3.10.0-514.10.2.rt56.435.el7, 3.10.0-514.16.1.rt56.437.el7, 3.10.0-514.21.1.rt56.438.el7, 3.10.0-514.26.1.rt56.442.el7, 3.10.0-514.rt56.420.el7, 3.10.0-693.2.1.rt56.620.el7, 3.10.0-693.2.2.rt56.623.el7, 3.10.0-693.5.2.rt56.626.el7, 3.10.0-693.11.1.rt56.632.el7, 3.10.0-693.17.1.rt56.636.el7, 3.10.0-693.21.1.rt56.639.el7, 3.10.0-693.rt56.617.el7, 3.10.0-862.2.3.rt56.806.el7, 3.10.0-862.3.2.rt56.808.el7, 3.10.0-862.3.3.rt56.809.el7, 3.10.0-862.6.3.rt56.811.el7, 3.10.0-862.11.6.rt56.819.el7, 3.10.0-862.14.4.rt56.821.el7, 3.10.0-862.rt56.804.el7, 3.10.0-957.1.3.rt56.913.el7, 3.10.0-957.5.1.rt56.916.el7, 3.10.0-957.10.1.rt56.921.el7, 3.10.0-957.12.1.rt56.927.el7, 3.10.0-957.12.2.rt56.929.el7, 3.10.0-957.21.3.rt56.935.el7, 3.10.0-957.27.2.rt56.940.el7, 3.10.0-957.rt56.910.el7, 3.10.0-1062.1.1.rt56.1024.el7, 3.10.0-1062.1.2.rt56.1025.el7, 3.10.0-1062.4.1.rt56.1027.el7, 3.10.0-1062.4.2.rt56.1028.el7, 3.10.0-1062.4.3.rt56.1029.el7, 3.10.0-1062.7.1.rt56.1030.el7, 3.10.0-1062.12.1.rt56.1042.el7, 3.10.0-1062.18.1.rt56.1044.el7, 3.10.0-1062.rt56.1022.el7, 3.10.0-1127.18.2.rt56.1116.el7, 3.10.0-1127.19.1.rt56.1116.el7, 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7

External links

https://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


